@cedarjs/api-server (>=1.0.0-canary.12879 <=1.0.0-canary.12881), @cedarjs/cli (>=1.0.0-canary.12879 <=1.0.0-canary.12881) +10 more potentially affected by CVE-2025-55183 +2 more via react-server-dom-webpack (=19.2.2)

react-server-dom-webpack NPM version =19.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879,...

Deserialization of Untrusted Data

Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe...

Node.js React Server Components Denial of Service and Source Code Exposure (CVE-2025-55183, CVE-2025-55184)

Multiple Node.js React Server Components packages are affected by denial of service and source code exposure vulnerabilities. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, 19.2.1 - react-server-dom-parcel 19.0....

Meta React Server Components 安全漏洞

Meta React Server Components is a series of components from Meta USA. A security vulnerability exists in Meta React Server Components versions 19.0.2, 19.1.3, and 19.2.2, which stems from insecure deserialization and could lead to an infinite loop and denial of service...

Node.js React Server Components Denial of Service (CVE-2025-67779)

Multiple Node.js React Server Components packages are affected by a denial of service vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.2, 19.1.3, 19.2.2 - react-server-dom-parcel 19.0.2, 19.1.3, 19.2.2 - react-server-dom-turbopack 19.0.2,...

CVE-2025-67779

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests...

CVE-2025-67779

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests...

GHSA-W37M-7FHW-FMV9 Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

GHSA-MWV6-3258-Q52C Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

GHSA-2M3V-V2M8-Q956 Denial of Service Vulnerability in React Server Components

Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...

Deserialization of Untrusted Data

Overview next is a react framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of payloads from HTTP requests to Server Function endpoints. An attacker can cause the server process to enter an infinite loop and hang,...

Denial of Service Vulnerability in React Server Components

Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...

EUVD-2025-202877

Denial of Service Vulnerability in React Server Components...

@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55184 via react-server-dom-webpack (=19.2.1)

react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

Deserialization of Untrusted Data

Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe...

Deserialization of Untrusted Data

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe...

@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.2.1 <=19.2.3)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...